CVE - CVE-2007-6388

CVE-ID
CVE-2007-6388	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080716 rPSA-2008-0035-1 httpd mod_ssl URL:http://www.securityfocus.com/archive/1/494428/100/0/threaded BUGTRAQ:20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://www.securityfocus.com/archive/1/505990/100/0/threaded MLIST:[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://lists.vmware.com/pipermail/security-announce/2009/000062.html CONFIRM:http://httpd.apache.org/security/vulnerabilities_13.html CONFIRM:http://httpd.apache.org/security/vulnerabilities_20.html CONFIRM:http://httpd.apache.org/security/vulnerabilities_22.html CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm CONFIRM:http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=689039 CONFIRM:http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 CONFIRM:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html AIXAPAR:PK59667 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=PK59667&apar=only AIXAPAR:PK62966 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966 AIXAPAR:PK63273 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273 AIXAPAR:PK65782 URL:http://www-1.ibm.com/support/docview.wss?uid=swg24019245 APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html APPLE:APPLE-SA-2008-05-28 URL:http://lists.apple.com/archives/security-announce/2008//May/msg00001.html FEDORA:FEDORA-2008-1695 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html FEDORA:FEDORA-2008-1711 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html HP:HPSBUX02313 URL:http://www.securityfocus.com/archive/1/488082/100/0/threaded HP:SSRT080015 URL:http://www.securityfocus.com/archive/1/488082/100/0/threaded HP:HPSBMA02388 URL:http://www.securityfocus.com/archive/1/498523/100/0/threaded HP:SSRT080059 URL:http://www.securityfocus.com/archive/1/498523/100/0/threaded HP:HPSBOV02683 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 HP:SSRT090208 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 MANDRIVA:MDVSA-2008:014 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:014 MANDRIVA:MDVSA-2008:015 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:015 MANDRIVA:MDVSA-2008:016 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:016 REDHAT:RHSA-2008:0004 URL:http://www.redhat.com/support/errata/RHSA-2008-0004.html REDHAT:RHSA-2008:0005 URL:http://www.redhat.com/support/errata/RHSA-2008-0005.html REDHAT:RHSA-2008:0006 URL:http://www.redhat.com/support/errata/RHSA-2008-0006.html REDHAT:RHSA-2008:0007 URL:http://www.redhat.com/support/errata/RHSA-2008-0007.html REDHAT:RHSA-2008:0008 URL:http://www.redhat.com/support/errata/RHSA-2008-0008.html REDHAT:RHSA-2008:0009 URL:http://www.redhat.com/support/errata/RHSA-2008-0009.html REDHAT:RHSA-2008:0261 URL:http://www.redhat.com/support/errata/RHSA-2008-0261.html SLACKWARE:SSA:2008-045-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748 SUNALERT:233623 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1 SUSE:SUSE-SA:2008:021 URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html UBUNTU:USN-575-1 URL:http://www.ubuntu.com/usn/usn-575-1 CERT:TA08-150A URL:http://www.us-cert.gov/cas/techalerts/TA08-150A.html BID:27237 URL:http://www.securityfocus.com/bid/27237 OVAL:oval:org.mitre.oval:def:10272 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272 SECUNIA:32800 URL:http://secunia.com/advisories/32800 VUPEN:ADV-2008-0047 URL:http://www.vupen.com/english/advisories/2008/0047 VUPEN:ADV-2008-0447 URL:http://www.vupen.com/english/advisories/2008/0447/references VUPEN:ADV-2008-0554 URL:http://www.vupen.com/english/advisories/2008/0554 VUPEN:ADV-2008-0809 URL:http://www.vupen.com/english/advisories/2008/0809/references VUPEN:ADV-2008-0924 URL:http://www.vupen.com/english/advisories/2008/0924/references VUPEN:ADV-2008-0986 URL:http://www.vupen.com/english/advisories/2008/0986/references VUPEN:ADV-2008-1224 URL:http://www.vupen.com/english/advisories/2008/1224/references VUPEN:ADV-2008-1623 URL:http://www.vupen.com/english/advisories/2008/1623/references VUPEN:ADV-2008-1697 URL:http://www.vupen.com/english/advisories/2008/1697 SECTRACK:1019154 URL:http://securitytracker.com/id?1019154 SECUNIA:28467 URL:http://secunia.com/advisories/28467 SECUNIA:28471 URL:http://secunia.com/advisories/28471 SECUNIA:28526 URL:http://secunia.com/advisories/28526 SECUNIA:28607 URL:http://secunia.com/advisories/28607 SECUNIA:28749 URL:http://secunia.com/advisories/28749 SECUNIA:28965 URL:http://secunia.com/advisories/28965 SECUNIA:28977 URL:http://secunia.com/advisories/28977 SECUNIA:28922 URL:http://secunia.com/advisories/28922 SECUNIA:29420 URL:http://secunia.com/advisories/29420 SECUNIA:29504 URL:http://secunia.com/advisories/29504 SECUNIA:29640 URL:http://secunia.com/advisories/29640 SECUNIA:29806 URL:http://secunia.com/advisories/29806 SECUNIA:29988 URL:http://secunia.com/advisories/29988 SECUNIA:30356 URL:http://secunia.com/advisories/30356 SECUNIA:30430 URL:http://secunia.com/advisories/30430 SECUNIA:31142 URL:http://secunia.com/advisories/31142 SECUNIA:30732 URL:http://secunia.com/advisories/30732 SECUNIA:33200 URL:http://secunia.com/advisories/33200 SREASON:3541 URL:http://securityreason.com/securityalert/3541 XF:apache-status-page-xss(39472) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/39472
Assigning CNA
N/A
Date Entry Created
20071217	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071217)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org